There are no predefined rules to track and send notifications about the use of IAM credentials. However, by using a combination of AWS CloudTrail and Amazon CloudWatch Events with a custom rule, you can send a notification to an Amazon Simple Notification Service (Amazon SNS) topic or Amazon Simple Queue Service (Amazon SQS) queue.

Start by making sure you have set up the necessary prerequisites for CloudWatch Events and have CloudTrail enabled before creating a custom CloudWatch Events rule.

For Targets, choose Add Target, and choose the AWS service you want to respond to the event, such as an SNS topic or SQS queue.

Note: Setting up CloudWatch Logs is optional.

CloudWatch Events events and rules are represented as JSON objects. A rule applies simple match-or-no-match logic to each event. Based on the structure of events, you can build custom patterns for the specific criteria you want to match. For example, to track a single access key, you can use this template:

This can be adapted to match any field or combination of fields, and it can track notifications for a range of criteria, such as access keys, login types, and specific user identities. It's also a security best practice to remove unused IAM credentials from your account. See Finding Unused Credentials for more information.
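As an added example (not part of the original article), the Python sketch below models the match-or-no-match logic locally, for exact values only, using one pattern that tracks a single access key and an adapted one for root console sign-ins. The `matches` and `alerts` helpers, the key IDs (AWS documentation placeholders) and the sample events are constructed for illustration.

```python
# Simplified local model of event-pattern matching (exact values only;
# the real service supports further operators not modelled here).

# Track one access key. The key ID is a documentation placeholder.
ACCESS_KEY_PATTERN = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"userIdentity": {"accessKeyId": ["AKIAIOSFODNN7EXAMPLE"]}},
}

# Adapted pattern: console sign-ins made with the root identity.
ROOT_LOGIN_PATTERN = {
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}

def matches(pattern, event):
    """Return True only if every field named in the pattern matches."""
    for key, expected in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False  # a field the pattern requires is absent
        actual = event[key]
        if isinstance(expected, dict):
            if not matches(expected, actual):  # descend into nested object
                return False
        else:
            # A pattern leaf is a list of accepted values (logical OR).
            values = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in values):
                return False
    return True

# Constructed sample events, trimmed to the fields the patterns inspect.
SAMPLE_EVENTS = [
    {"detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "ListBuckets",
                "userIdentity": {"type": "IAMUser",
                                 "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}}},
    {"detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "DescribeInstances",
                "userIdentity": {"type": "IAMUser",
                                 "accessKeyId": "AKIAI44QH8DHBEXAMPLE"}}},
    {"detail-type": "AWS Console Sign In via CloudTrail",
     "detail": {"eventName": "ConsoleLogin",
                "userIdentity": {"type": "Root"}}},
]

def alerts(pattern, events=SAMPLE_EVENTS):
    """Names of the events that would be forwarded to the rule's target."""
    return [e["detail"]["eventName"] for e in events if matches(pattern, e)]
```

Fields the pattern does not name are ignored, so a narrow pattern such as the access-key one still matches regardless of which API the key was used to call.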